Security/Sandbox/2014-03-27

From MozillaWiki

27 March 2014

B2G

  • issue with sandbox on 1.3 (WebRTC violating it)
  • arroway started looking at open calls in layout (graphic buffer that uses QC HW library)
    • We can't just whitelist this call based on its arguments in the seccomp whitelist
    • Remoting this thing (non-Gecko code), so we can intercept the syscalls in the parent
    • This is perf sensitive, so remoting it is not ideal (IPDL slows us down)
    • the guy who did something similar with binder https://phonebook.mozilla.org/#search/sikeda
    • libgenlock is not used in every device (at least on keon, buri, flame)
  • getUserMedia doesn't work on seccomp-enabled devices in 1.3

Windows

  • bbondy wrote up some docs about the Windows sandbox
  • tabraldes has been reading docs and getting up to speed
    • next piece is sandboxing the openh264 stuff - [tabraldes] this will pick up once the openh264 stuff is in a state that can be worked on (Josh mentioned that it won't be there until next week or so)
    • on x64 win builds, sandbox building is failing -- tim files bugs

Linux:

  • jld is working on changing how we build the sandbox, like Chromium, to check args passed to ioctl etc.